Lucene search
K

241 matches found

CVE
CVE
added 2026/07/06 9:28 p.m.17 views

CVE-2026-34167

Coolify (open-source self-hosted) has a vulnerability in the ActivityMonitor Livewire component prior to version 4.0.0-beta.471: a public $activityId property is not protected with Livewire’s #[Locked] attribute, allowing any authenticated user to enumerate activity records across all teams and r...

5CVSS6AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 9:28 p.m.4 views

CVE-2026-34167 Coolify: Cross-tenant activity log disclosure via unlocked Livewire property in ActivityMonitor

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...

5CVSS6AI score0.00199EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

5.7AI score0.00156EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.12 views

SUSE CVE-2026-46327

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

7.8CVSS5.4AI score0.0012EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 12:25 p.m.32 views

CVE-2026-46327 dm: fix unlocked test for dm_suspended_md

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

7.8CVSS0.0012EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 12:25 p.m.28 views

CVE-2026-46327

In the Linux kernel dm subsystem, the vulnerability centers on dm_blk_report_zones checking for suspended state without holding locks, allowing a race where the device may be suspended immediately after the check. The fix moves the dm_suspended_md check to occur after dm_get_live_table, ensuring ...

7.8CVSS5.4AI score0.0012EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/09 12:25 p.m.3 views

CVE-2026-46327 dm: fix unlocked test for dm_suspended_md

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

7.8CVSS6.5AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47785

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Device Mapper component where the dm blk report zones function checks if a device is suspended using the dm suspended md call without holding the necessary...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References18
NVD
NVD
added 2026/05/29 2:16 p.m.20 views

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS0.00181EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:7 a.m.8 views

RDMA/hns: Fix unlocked call to hns_roce_qp_remove()

...

7.8CVSS5.4AI score0.001EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.36 views

CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

7.8CVSS0.001EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of current instead of waiter::task in the removewaiter function within the rtmutex. This...

7.8CVSS5.8AI score0.00125EPSS
Exploits17References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.9 views

EUVD-2026-27743

In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the pare...

5.8AI score0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.29 views

CVE-2026-43181 gpio: sysfs: fix chip removal with GPIOs exported over sysfs

In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the pare...

0.00126EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Flexense SysGauge Pro 安全漏洞

Flexense SysGauge Pro is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.6.12 of Flexense SysGauge Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the...

8.6CVSS6.4AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a problem where controller registration fails, leading to the reuse of freed resources after release...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between the qdiscresetalltxgt operation and the unlocked queue dequeue operation...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Easy MP3 Downloader 安全漏洞

Easy MP3 Downloader is a music download software developed by Easy MP3 Downloader Inc. Version 4.7.8.8 of Easy MP3 Downloader has a security vulnerability. This vulnerability stems from a buffer overflow in the unlocked code field, which could allow local attackers to cause the application to cra...

6.9CVSS6.1AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.10 views

PT-2026-26399

Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...

6.9CVSS5.8AI score0.00134EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.4 views

PT-2026-5349

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7AI score0.00102EPSS
Exploits0References3
Rows per page
Query Builder